speccy
Update redoc min version because of a critical vulnerability in dompurify
Detailed description
npm audit reports the following critical vulnerability in dompurify as used by redoc.
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ dompurify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ redoc │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ redoc > dompurify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1205 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ dompurify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ redoc │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ redoc > dompurify │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1223 │
└───────────────┴──────────────────────────────────────────────────────────────┘
Updating to [email protected] or newer will update dompurify and fix the vulnerability
@MikeRalphson @djtarazona any chance this could be fixed and released soon?
I have no commit rights to this repository, and believe it is de facto unmaintained.
That's really a shame :/
Maintained projects:
- https://github.com/Mermade/oas-kit/blob/master/packages/swagger2openapi/README.md
- https://github.com/Redocly/redoc/blob/master/cli/README.md
- https://github.com/stoplightio/spectral
I ended up using spectral, although they have a quite annoying issue at the moment: https://github.com/stoplightio/spectral/issues/955
Such a shame this is abandoned :(
@MikeRalphson @pkuczynski do you guys have any suggestions for compiling multiple swagger docs into a single file? My work maintains an API and the swagger documentation for it is maintained in separate files, one for each endpoint. Obviously this helps with maintaining the files, but makes swagger very slow on initial load which is rather unbearable.
Thanks!
@heyratfans oas-kit as above or https://github.com/APIDevTools/json-schema-ref-parser